Beware: your keyboard may be tattling on your typing

Security researchers in Switzerland have found four different ways of snooping …

The paranoid have lots of reasons to fear the current information age. Iffy wireless security protocols leave many wireless networking devices prone to snooping, while keyloggers have been used by malware writers to compromise security of wired systems. But researchers in Switzerland have given the security conscious another reason to be worried: they've found that they can snoop in on the emissions caused by keyboards sending signals down the wires, back to the main computer.

The researchers, Martin Vuagnoux and Sylvain Pasini, work in the Security and Cryptography Laboratory at the Ecole Polytechnique Fédérale de Lausanne, located on the shores of Lake Geneva. The duo reasoned that any information sent through electronic devices has to involve some sort of electrical signal, and these signals might be detectable as electromagnetic radiation as they traveled down unshielded wires. They weren't the first to consider this possibility, but they couldn't find any evidence in the literature that indicated it had been tested.

As you can see from videos posted on their site, the answer was a clear "yes." A paper describing the snooping is currently under review; in the meantime, Martin Vuagnoux was kind enough to provide some additional details.

The authors found at least four different hacks that can pick up emissions from either the keyboards or the signals sent down their wires to the computer itself. Two of these were sensitive to the length of the cable attached to the keyboard, but the remainder were not; Vuagnoux indicated that even laptop keyboards were susceptible to some methods of attack, indicating that the cable isn't a decisive factor in this attack.

Those who watch the video will see that the authors needed to disconnect the power adaptor from the laptop before starting keylogging. This is because the signals from the power converters swamped the output from the keyboard. Since posting the videos, however, Vuagnoux says he's received a lot of advice about the antenna they've been using. Apparently, a smarter antenna choice could help them see through this extraneous signal, and let them snoop from a greater distance.

The videos show a significant lag between the detection of the signal, its filtering, and the output of characters; they also show some very slow and deliberate typing. All of that is simply for purposes of demonstration, according to Vuagnoux. The filtering and decoding can be run in parallel to the signal acquisition, and can successfully track faster typists.

For now, the primary limiting factor is the hardware that processes the signal. Performing it in software on the computer's processor would take 35 seconds per keystroke. Switching to an inexpensive Field Programmable Gate Array cut that to a second per keystroke; Vuagnoux says that a $900 FPGA could cut things down to 25 milliseconds.

One of our resident physicists suggested that this result isn't surprising, as he figures that radio receivers are probably picking up signals that are lower powered than those being sent down the unshielded wiring of a keyboard. Still, there's a difference between knowing it's likely, and seeing a clear demonstration like the one in the videos.